Академический Документы
Профессиональный Документы
Культура Документы
User Manual
InHand Networks
www.inhandnetworks.com
Version: v1.2
December 2016
Disclaimers
The content in this manual is subject to change without notice. This manual is only used as the
guidance. InHand makes every effort to provide accurate information in this manual, but InHand
does not guarantee that there is no error in the manual. All statements, information and
recommendations in this manual do not constitute any expressed or implied warranty.
Technical Support
For technical support, please contact:
E-mail: support@inhandneworks.com
1
Preface
This user manual will guide you on installing and configuring InHand IR6XX-S industrial router.
Audience
Network Planner
Network administrators
Conventions
Conventions Indication
<> Content in angle brackets “<>” indicates a button name. For example, the <OK>
button.
“” “” indicates a window name or menu name. For example, the pop-up window
“New User.”
>> A multi-level menu is separated by the double brackets “>>.” For example, the
multi-level menu File >> New >>Folder indicates the menu item [Folder] under
Means reader be careful. Improper action may result in loss of data or device damage.
2
Contents
PREFACE .................................................................................................................................................... 2
AUDIENCE ................................................................................................................................................ 2
CONVENTIONS .......................................................................................................................................... 2
CONTENTS ................................................................................................................................................ 1
3. 1 System ....................................................................................................................................... 7
3
3.1.4 Admin Access ...................................................................................................................................... 9
3. 2 Network ................................................................................................................................... 14
3.2.8 DNS.................................................................................................................................................... 21
3.7.1PING Detection................................................................................................................................... 44
3.7.2Traceroute .......................................................................................................................................... 44
5
Contents
I. InRouter6XX-S Introduction
1.1 Overview
Integrating 3G, 4G LTE and advanced security, the InRouterXX-S (referred to as “IR6XX-S”
thereinafter) series is the next generation of InRouter695 cellular router. With embedded
hardware watchdog, link detection, auto-recovery and auto-reboot, the InRouterIR6XX-S series
provides reliable communications to unattended sites. Reliable VPN technology secures sensitive
data. The IR6XX-S also utilizes remote management tools such as a CLI, a web interface and
InHand Device Manager Cloud platform for batch configuration and monitoring.
IR6XX-S series is ideal for large-scale Internet of Things (IoT) applications including kiosks,
Standard Accessories
Accessories Quantity Description
IR611-S 1 IR611-S series industrial router
Power Adapter 1 12VDC power adapter
Cable 1 1. 5m cable
Optional Accessories
Accessories Quantity Description
3G/4G antenna (for 3G/4G models), 2 for VH09,
3G/4G antenna 1/2
FS18 and FS28 models, 1 for others
Wi-Fi antenna 2 Dual Wi-Fi antennas (for Wi-Fi models)
Hanger mounting accessory 1 To fix device
1
1.2.2 Applicable to IR615-S series
Standard Accessories
Accessories Quantity Description
IR615-S 1 IR615-S series industrial router
DIN rail 1 DIN35 rail
Power Terminal 1 7PIN 3.81mm industrial terminal
Cable 1 1. 5m cable
Optional Accessories
Accessories Quantity Description
Power Adapter 1 12VDC power adapter
3G/4G antenna (for 3G/4G models), 2 for hardware
3G/4G antenna 1/2
version 40214, 60214 and 60625, 1 for others
Wi-Fi antenna 2 Dual Wi-Fi antennas (for Wi-Fi models)
Hanger mounting or
1 To fix device
wall-mounting accessories
2
IR6XX-S series has a variety of panel appearances, but all of the installation methods are the
same. The specific panel condition should be subject to the real object.
3
(Red) (Green) (Yellow) (Red)
II. Installation
Precautions:
Please be sure there is 3G/4G network coverage and there is no shield on site. 220V AC or
9~26VDC shall be provided on site. First installation shall be done under direction of the
1 PC
1 SIM card:
Ensure the card is enabled with data service and its service is not suspended
Power supply:
Fixation:
Please place InRouter level and have it installed in an environment with small
vibrational frequency.
IR6XX-S series apply pop-up card holder. Press the yellow button on the right of the card holder
and the card holder will pop up. Then, install the SIM/UIM card and press the card holder back to
Slightly rotate the movable part of metal SMA-J interface until it cannot be rotated (at this time,
external thread of antenna cable cannot be seen). Do not forcibly screw the antenna by holding
5
2.4 Installation of Protective Grounding
Step 2: Connect the grounding ring of the cabinet’s grounding wire onto the grounding
screw.
To improve the immunity from interference of whole router, the router must be grounded when
using. According to operating environment, the ground wire should be connected with
grounding stud of router.
Upon installation of the antenna, connect the device to 9~26V DC power and see if the Power
LED on the panel of the device is on. If not, please contact technical support of InHand Networks
immediately.
Upon installation of hardware, be sure the Ethernet card has been mounted in the supervisory PC
Please set the supervisory computer to "automatic acquisition of IP address" and "automatic
acquisition of DNS server address" (default configuration of computer system) to let the device
Set the IP address of supervisory PC (such as 192. 168. 2. 2) and LAN interface of device in same
network segment (initial IP address of LAN interface of device: 192. 168. 2. 1, subnet mask: 255.
the proxy service. The operating steps are shown below: 1) In the browser window, select
"tools>>Internet options"; 2) select "connection" page and click the button of LAN Settings to
enter "LAN Settings" window interface. Please confirm if the option "Use a Proxy Server for LAN"
Open IE or other browser and enter IP address of IR611-S, such as http://192.168.2.1 in address
bar (default setting of IR611-S). Upon connection, log in from the login interface as a system
admin, i.e. enter username and password at the login interface (user name /password default:
adm/123456).
For security, you are suggested to modify the default login password after the first login
and safe keep the password information.
Prior to use, the device shall be effectively configured. This chapter will introduce how to
3. 1 System
The system configuration process involves ten steps, including basic setup, system time, serial
port, admin access, system Log, configuration management, task schedule, update, reboot and
logout. Here, system and network state and system time of synchronizing device and PC can be
checked and router WEB configuration interface language can be set as well as the name of
7
3.1.1 Basic Setup
Here, WEB configuration interface language can be set; name of mainframe of router can be
customized.
From the navigation tree, select System >> Basic Setup, then enter the “Basic Setup” page.
Basic settings
Function description: Select display language of the router configuration interface and set
personalized name.
Parameters Description Default
Language Configure language of WEB configuration interface Chinese
Set a name for the host or device connected to the router
Host Name Router
for viewing.
To ensure the coordination between this device and other devices, user is required to set the
system time in an accurate way since this function is used to configure and check system time as
well as system timezone. System time is used to configure and view system time and system time
zone. It aims to achieve time synchronization of all devices equipped with a clock on network
From the navigation tree, select System >> Time, then enter the “Time” webpage, as shown
below. Click <Sync Time> to synchronize the time of the gateway with the system time of the
host.
System Time
Function description: Set local timezone and automatic updating time of NTP.
Parameters Description Default
Time of
Display present time of router 8:00:00 AM, 12/12/2015
Router
PC Time Display present time of PC Present time
Timezone Set timezone of router Custom
Custom TZ
Set TZ string of router CST-8
String
Auto update Select whether to automatically update time, Disable
8
Time you may select when startup or very
1/2/...hours.
Setting the parameters of router’s serial port according to the serial port of the terminal device
connected with router to achieve the normal communication between router and terminal
device.
From the navigation tree, select System >> Serial Port, then enter “Serial Port” page.
HTTP
HTTP (Hypertext Transfer Protocol) is used for transferring web pages on Internet. After enabling
HTTP service on device, users can log on via HTTP and access and control the device using a web
browser.
HTTPS
HTTPS (Secure Hypertext Transfer Protocol) is the secure version of hypertext transfer protocol.
TELNET
Telnet protocol provides telnet and virtual terminal functions through a network. Depending on
Server/Client, Telnet Client could send request to Telnet server which provides Telnet services.
9
The device supports Telnet Client and Telnet Server.
Console
The console port, also called the access or serial port, refers for initial configuration and
subsequent management of a device. It has the same terminal as the telnet client.
From the navigation tree, select System >> Admin Access, then enter “Admin Access” page.
Console Login User (Click <new> button after setting a group of username and password)
Username Configure console login user, custom N/A
Password Configure the password, custom N/A
Other Parameters
Log Timeout Set login timeout (router will automatically disconnect 500 seconds
the configuration interface after login timeout)
In “Username/Password” section, users can modify username and password rather than
create new username, i.e. only this username can be used in logins.
In “Console Login User” section, we can create multiple usernames, i.e. multiple
usernames can be used by serial port or TELNET console logins.
A remote log server can be set through “System Log Settings,” and all system logs will be
uploaded to the remote log server through the gateway. This makes remote log software, such as
Kiwi Syslog Daemon is free log server software for Windows. It can receive, record and display
logs from host (such as gateway, exchange board and Unix host). After downloading and installing
Kiwi Syslog Daemon, it must be configured through the menus “File >> Setup >> Input >> UDP.
From the navigation tree, select System >> System Log, then enter “System Log” page.
System Log
Function description: Configure IP address and port number of remote log server which will
record router log.
Parameters Description Default
Log to Remote System Enable log server Disable
Log server address and N/A:
Set address and port of remote log server
port (UDP) 514
Log to Console Output device log by serial port Disable
11
3.1.6 Configuration Management
Here you can back up the configuration parameters, import the desired parameters backup and
From the navigation tree, select System >> Config Management, then enter the “Config
Management” page.
Configuration Management
Function description: Set parameters of configuration management.
Parameters Description Default
Browse Choose the configuration file N/A
Import Import configuration file to router N/A
Backup Backup configuration file to host N/A
Restore default Select to restore default configuration (effective after
N/A
configuration rebooting)
Modem drive
For configuring drive program of module N/A
program
Network Provider For configuring APN, username, password and other
N/A
(ISP) parameters of the network providers across the world
Validity and order of imported configurations should be ensured. The good configs will later
be serially executed in order after system reboot. If the configuration files didn’t be arranged
according to effective order, the system won’t enter the desired state.
In order not to affect the operation of the current system, when performing an import
configuration and restore default configuration, users need to restart the device to make the
After this function is enabled, the device will restart as the scheduled time.
12
From the navigation tree, select System >> Task Schedule, then enter “Task Schedule” page.
The upgrading process can be divided into two steps. In the first step, upgrading files will be
written in backup firmware zone, e.g. , the process in the section of System Upgrading; in second
step: files in backup firmware zone will be copied to main firmware zone, which should be carried
out during system restart. During software upgrading, any operation on web page is not allowed,
From the navigation tree, select System >> Upgrade, then enter the “Upgrade” page.
To upgrade the system, firstly, click <Browse> choose the upgrade file, secondly, click <Upgrade>
and then click <OK> to begin upgrade; thirdly, upgrade firmware succeed, and click <Reboot> to
3.1.9 Reboot
Please save the configurations before reboot, otherwise the configurations that are not saved will
To reboot the system, please click the System>>Reboot, then click <OK>.
3.1.10 Logout
13
3. 2 Network
Network settings include Dialup/Cellular, WAN (only for IR615-S series), Link Backup, LAN, WLAN
SIM card dial out through dial access to achieve the wireless network connection function of
router.
Click the “Network>>Dial Interface” menu in the navigation tree to enter the “Dial Interface”.
Table3-2-1-1Parameters of Dialup/Cellular
Dialup/Cellular Connection
Function description: Configure parameters of PPP dialup. Generally, users only need to set
basic configuration instead of advanced options.
Parameters Description Default
Enable Enable PPP dialup. Enable
Time Schedule Set time schedule ALL
Enable—Local device connected to Router
Shared connection can access to the Internet via Router.
Enable
(NAT) Disable—Local device connected to Router
cannot access to the Internet via Router.
Default Route Enable default route Enable
For selecting network provider providing
Network Provider (ISP) Custom
service at present
APN (inapplicable to Mobile carrier provides relevant parameters
cmnet/uninet
CDMA2000 series) (subject to local carrier)
“*99#”“*99***1#”(
China Mobile,
Relevant dialing parameters provided be
Dialing Number China
mobile carriers (subject to local carrier)
Unicom)#777(China
Telecom)
“gprs” (China
Mobile, China
Relevant dialing parameters provided be
Username Unicom)
mobile carriers (subject to local carrier)
CARD(China
Telecom)
“gprs” (China
Relevant dialing parameters provided be
Password Mobile, China
mobile carriers (subject to local carrier)
Unicom)
14
CARD(China
Telecom)
Network Type Auto, 2G Only, 3G Only, 4G Only Auto
Optional always online, dial on demand,
Connection Mode Always Online
manual dialing
Redial Interval Set the redialing time when login fails. 30 s
Show Advanced Click to show advanced options (parameters
Disable
Options of advanced options are listed below)
PIN Code For setting PIN code N/A
MTU Set max. transmission unit 1500
Authentication method Optional: Auto, PAP, CHAP Auto
Click to receive peer DNS assigned by the
Use Peer DNS Enable
mobile carrier
Link detection interval Set link detection interval 55 s
Enable Debug Enable debug mode. Disable
Set the ICMP Detection Server. N/A
ICMP Detection Server N/A
represents not to enable ICMP detection.
ICMP Detection Interval Set ICMP Detection Interval 30 s
ICMP Detection Set ICMP Detection Timeout (the detection
20 s
Timeout server will reboot if ICMP times out)
Set the max. number of retries if ICMP fails
ICMP Detection Retries 5
(redial if reaching max. times)
Table3-2-1-2Parameters of Dialup/Cellular - Schedule
Administration of dialup/Cellular - Schedule
Function description: Online or offline based on the specified time.
Parameters Description Default
Name of Schedule schedule 1 schedule1
Sunday ~ Saturday Click to enable
Time Range 1 Set time range 1 9:00-12:00
Time Range 2 Set time range 2 14::00-18:00
Time Range 3 Set time range 3 0:00-0:00
Description Set description content N/A
WAN supports three types of wired access including static IP, dynamic address (DHCP) and ADSL
(PPPoE) dialing.
DHCP adopts Client/Server communication mode. Client sends configuration request to Server
which feeds back corresponding configuration information, including distributed IP address to the
original connection way. Through PPPoE, remote access devices could achieve the control and
Click the “Network>>WAN” menu in the navigation tree to enter the “WAN" Interface.
WAN - Static IP
Function description: Wired access to Internet via fixed IP.
Parameters Description Default
Enable—Local device connected to
Router can access to the Internet via
Router.
Shared connection Enable
Disable—Local device connected to
Router cannot access to the Internet via
Router.
00:18:05:08:07:3D
(provided by
MAC Address MAC Address of the device InHand Networks),
provided for device
manufacturer
IP Address Set IP address of WAN 192.168.1.29
255. 255. 255.
Subnet mask Set subnet mask of WAN
0
Gateway Set gateway of WAN 192. 168. 1. 1
Max. transmission unit, default/manual
MTU default (1500)
settings
Multiple IP support (at most 8 additional IP addresses can be set)
IP Address Set additional IP address of LAN N/A
Subnet mask Set subnet mask N/A
For recording significance of additional
Description N/A
IP address
Table 3-2-2-2 Dynamic Address (DHCP) Parameters of WAN
WAN - Dynamic Address (DHCP)
Function description: Support DHCP and can automatically get the address allocated by other
routers.
Parameters Description Default
Enable—Local device connected to
Shared connection Enable
Router can access to the Internet via
16
Router.
Disable—Local device connected to
Router cannot access to the Internet via
Router.
00:18:05:08:07:3D
(provided by
MAC Address MAC Address of the device InHand Networks),
provided for device
manufacturer
Max. transmission unit, default/manual
MTU default (1500)
settings
00:18:05:08:07:3D
(provided by
MAC Address MAC Address of the device InHand Networks),
provided for device
manufacturer
Max. transmission unit, default/manual
MTU default (1492)
settings
WAN - ADSL Dialing (PPPoE)
Username Set name of dialing user N/A
Password Set dialing password N/A
Static IP Click to enable static IP Disable
Set dialing connection method (always
Connection Mode Always online
online, dial on demand, manual dialing)
Parameters of Advanced Options
Service Name Set service name N/A
Set length of transmit
Set length of transmit queue. 3
queue.
17
Enable IP header
Click to enable IP header compression Disable
compression
Use Peer DNS Click to enable use peer DNS Enable
Link detection interval Set link detection interval 55 s
Link detection Max. Retries Set link detection max. retries 10
Enable Debug Click to enable debug Disable
Expert Option Set expert options N/A
ICMP Detection Server Set ICMP detection server N/A
ICMP Detection Interval Set ICMP Detection Interval 30 s
ICMP Detection Timeout Set ICMP detection timeout 20 s
ICMP Detection Retries Set ICMP detection max. retries 3
Link Backup
Function description: When the system runs, main link will first be enabled for
communication. However, when the main link is disconnected due to certain reason, the
system will automatically switch to the backup link to ensure normal communication.
Parameters Description Default
Enable Click to enable link backup Disable
Main Link Optional WAN or dialing interface WAN
ICMP Detection Server Set ICMP detection server N/A
ICMP Detection Interval Set ICMP Detection Interval 10 s
ICMP Detection Timeout Set ICMP detection timeout 3s
ICMP Detection Retries Set ICMP detection max. retries 3
Backup Link Optional dialup/cellular or WAN Dialup/Cellular
Connection
Backup mode Optional hot or cold backup Hot backup
Table 3-2-3-2 Parameters of Link Backup - Backup Mode
3.2.4 LAN
LAN provides configuration and modification of the parameters related to LAN for the device.
18
Here MAC address, IP address and other basic information can be modified and multiple IP
Click the “Network>>LAN” menu in the navigation tree to enter the configuration interface.
Table3-2-4Parameters of LAN
2 LAN
Function description: LAN is the gateway address of router.
Parameters Description Default
MAC Address MAC Address of the device LAN 00:18:05:08:15:77 (provided by
InHand Networks), provided
for device manufacturer
IP Address Set IP address of LAN 192.168.2.1 (New IP address of
LAN needs to be entered after
modification to enter the
configuration page)
Subnet mask Set subnet mask of LAN 255. 255. 255. 0
MTU Max. transmission unit, optional default (1500)
default/manual configuration
LAN Mode Select transmit rate: Optional Auto Auto Negotiation
Negotiation/100M Full Duplex/100M
Half Duplex/10M Full Duplex/10M
Half-Duplex
Multiple IP support (at most 8 additional IP addresses can be set)
IP Address Set additional IP address of LAN N/A
Subnet mask Set subnet mask N/A
Description For recording significance of additional N/A
IP address (not support Chinese
characters)
WLAN refers to Wireless Local Area Network. WLAN has two types of interfaces, the Access point
Click the “Network>>Switch of WLAN Mode” menu in the navigation tree to switch WLAN mode.
When working in AP mode, the device WLAN will provide network access point for other wireless
19
network devices so that they will have normal network communication.
Click the “Network>>WLAN” menu in the navigation tree to enter the “WLAN" interface.
When working in STA mode, the device WLAN will enable normal network communication by
Click the “Network>>WLAN Client” menu in the navigation tree to enter the “WLAN” interface.
Select “Client” for the interface type and configure relevant parameters. (At this moment, the
The scanning function of the SSID can be started only when selecting the Client at the WLAN
interface type. In the “SSID scanning” interface, all available SSID names as well as the connection
3.2.8 DNS
DNA (Domain Name System) is a DDB used in TCP/IP application programs, providing switch
between domain name and IP address. Through DNS, user could directly use some meaningful
domain name which could be memorized easily and DNS Server in network could resolve the
domain name into correct IP address. The device makes analysis on dynamic domain name via
DNS.
Manually set the DNS, use DNS via dialing if it is empty. Generally, it needs to set this only when
Click the “Network>>Domain Name Service” menu in the navigation tree to enter the “Domain
DDNS maps user's dynamic IP address to a fixed DNS service. When the user connects to the
network, the client program will pass the host’s dynamic IP address to the server program on the
service provider’s host through information passing. The server program is responsible for
providing DNS service and realizing dynamic DNS. It means that DDNS captures user's each
change of IP address and matches it with the domain name, so that other Internet users can
communicate through the domain name. What end customers have to remember is the domain
name assigned by the dynamic domain name registrar, regardless of how it is achieved.
DDNS serves as a client tool of DDNS and is required to coordinate with DDNS Server. Before
21
the application of this function, a domain name shall be applied for and registered on a proper
To set DDNS, click the "Network >> Dynamic Domain Name" menu in the navigation tree, then
Static route needs to be set manually, after which packets will be transferred to appointed routes.
To set static route, click the "Network >> Static Route" menu in the navigation tree, then enter
22
Static Route
Function description: Add/delete additional static rote of router. Generally, it's unnecessary
for users to set it.
Parameters Description Default
Destination
Set IP address of the destination N/A
Address
255. 255.
Subnet Mask Set subnet mask of the destination
255. 0
Gateway Set the gateway of the destination N/A
Select LAN/CELLULAR/WAN (only applicable to IR615-S
Interface N/A
series) to access to the destination address
For recording significance of static route address (not
Description N/A
support Chinese characters)
3.3 Service
Service settings include DHCP service, DNS relay, hot backup (VRRP), device manager, DTU and
SMS.
DHCP adopts Client/Server communication mode. Client sends configuration request to Server
which feeds back corresponding configuration information, including distributed IP address to the
The duty of DHCP Server is to distribute IP address when Workstation logs on and ensure
each workstation is supplied with different IP address. DHCP Server has simplified some
network management tasks requiring manual operations before to the largest extent.
As DHCP Client, the device receives the IP address distributed by DHCP server after logging
in the DHCP server, so the Ethernet interface of the device needs to be configured into an
automatic mode.
To enable the DHCP server, find the navigation tree, select Services >> DHCP Service, then enter
23
automatically, then such service must be activated. Static designation of DHCH
allocation could help certain host to obtain specified IP address.
Parameters Description Default
Enable DHCP Enable DHCP service and dynamically allocate IP Enable
address
IP Pool Starting Address Set starting IP address of dynamic allocation 192. 168.
2. 2
IP Pool Ending Address Set ending IP address of dynamic allocation 192. 168.
2. 100
Lease Set lease of IP allocated dynamically 60 minutes
DNS Set DNS Server 192. 168.
2. 1
Windows Name Server Set windows name server. N/A
Static designation of DHCH allocation (at most 20 DHCPs designated statically can be set)
MAC Address Set a statically specified DHCP’s MAC address N/A
(different from other MACs to avoid confliction)
IP Address Set a statically specified IP address 192. 168.
2. 2
Host Set the hostname. N/A
The device, as a DNS Agent, relays DNS request and response message between DNS Client and
DNS Server to carry out domain name resolution in lieu of DNS Client.
From navigation tree, select "Network >>DNS Relay" menu, then enter “DNS Relay” page.
24
When enabling DHCP, the DHCP relay is also enabled automatically. Relay cannot be disabled
VRRP (Virtual Router Redundancy Protocol) adds a set of routers that can undertake gateway
function into a backup group to form a virtual router. The election mechanism of VRRP will decide
which router to undertake the forwarding task and the host in LAN is only required to configure
VRRP will bring together a set of routers in LAN. It consists of multiple routers and is similar to a
virtual router in respect of function. According to the VLAN interface IP of different network
segments, it can be virtualized into multiple virtual routers. Each virtual router has an ID number
Virtual router has an IP address, known as the Virtual IP address. For the host in
LAN, it is only required to know the IP address of virtual router, and set it as the
Host in the network communicates with the external network through this virtual
router.
A router will be selected from the set of routers based on priority to undertake the
gateway function. Other routers will be used as backup routers to perform the
duties of gateway for the gateway router in case of fault of gateway router, thus to
Monitor interface function of VRRP better expands backup function: the backup function can be
offered when interface of a certain router has fault or other interfaces of the router are
unavailable.
When interface connected with the uplink is at the state of Down or Removed, the router actively
reduces its priority so that the priority of other routers in the backup group is higher and thus the
25
router with highest priority becomes the gateway for the transmission task.
From navigation tree, select "Network >>VRRP" menu, then enter “VRRP” page.
Device Management is a software platform to manage devices. The device can be managed and
operated via software platform when Device Management is started so that the Internet can be
in efficient operation. For instance, the operating status of device can be checked, device
software can be upgraded, device can be restarted, configuration parameters can be sent down
to device, and transmitting control or message query can be realized on device via Device
Manager.
Click the "Service>>Device Manager" menu in the navigation tree to enter the "Device Manager"
interface. It only support two modes, i.e. SMS and SMS + IP.
3.3.5 DTU
From navigation tree, select "Service>>DTU" menu, then enter “DTU” page.
27
Max. Reconnect Set the max. reconnect interval 180 s
Interval
DTU ID Set DTU ID. N/A
Source address Set the Source IP. N/A
Report DTU ID interval Set report of DTU ID interval 0s
Multi-Server Set server address and port N/A
3.3.6 SMS
SMS permits message-based reboot and manual dialing. Configure Permit to Phone Number and
click <Apply and Save>. After that you can send “reboot” command to restart the device or send
From navigation tree, select "Service>>SMS" menu, then enter “SMS” page.
3.4 Firewall
The firewall function of the router implements corresponding control to data flow at entry
direction (from Internet to local area network) and exit direction (from local area network to
Internet) according to the content features of message (such as: protocol style,
source/destination IP address, etc. ) and ensures safe operation of router and host in local area
network.
Settings of firewall include basic setup, access control, filtering, port mapping, virtual IP mapping,
From the navigation tree, select Firewall >> Basic Setup, then enter the “Basic Setup” page.
It implements permission or prohibition of access for appointed data flow via configuration of
some matching rules so as to filter the network interface data. After message is received by port
of router, the field is analyzed according to the rule applied on the current port. And after the
To enable Access Control from the navigation tree, select Firewall >> Access Control, then enter
3.4.3 Filtering
From navigation tree, select "Firewall>>Filtering" menu, then enter “Filtering” page.
Port mapping is also called virtual server. Setting of port mapping can enable the host of extranet
To configure port mapping, go into the navigation tree, select "Firewall >> Port Mapping", then
Both router and the IP address of the host of intranet can correspond with one virtual IP.
Without changing IP allocation of intranet, the extranet can access to the host of intranet via
To configure virtual IP mapping, go into the navigation tree, select "Firewall >> Virtual IP
3.4.6 DMZ
After mapping all ports, extranet PC can access to all ports of internal device by DMZ settings.
From the navigation tree, select Firewall >> DMZ, then enter the “DMZ” page.
31
The IR6x1's management port should never be mapped to the device port by this function.
If the default process in the basic setting of firewall is disabled, only hosts specified in MAC-IP can
From the navigation tree, select Firewall >> MAC-IP Binding, then enter the “MAC-IP Binding”
page.
3.5 QoS
Some applications bring convenience to users, but they also take up a lot of network bandwidth.
To ensure all LAN users can normally get access to network resources, IP traffic control function
can limit the flow of specified host on local network. QoS provides users with dedicated
bandwidth and different service quality for different applications, greatly improving the network
Bandwidth control sets a limit on the upload and download speeds when accessing external
networks.
32
From the navigation tree, select QoS >> Bandwidth Control, then enter the “Bandwidth Control”
page.
From the navigation tree, select QoS >> IP Bandwidth Limit, then enter the “IP Bandwidth Limit”
page.
3.6 VPN
VPN is for building a private dedicated network on a public network via the Internet. 'Virtuality" is
a logical network.
Private: the resources of VPN are unavailable to unauthorized VPN users on the
internet; VPN can ensure and protect its internal information from external intrusion.
Virtual: the communication among VPN users is realized via public network which,
33
meanwhile can be used by unauthorized VPN users so that what VPN users obtained is
only a logistic private network. This public network is regarded as VPN Backbone.
Build a credible and secure link by connecting remote users, company branches, partners to the
Remote Access
Enterprise N
VP
Headquarter Embranchment
VPN
VP Cooperative
N
Partner
The fundamental principle of VPN indicates to enclose VPN message into tunnel with tunneling
technology and to establish a private data transmission channel utilizing VPN Backbone so as to
Tunneling technology encloses the other protocol message with one protocol. Also,
encapsulation protocol itself can be enclosed or carried by other encapsulation protocols. To the
users, tunnel is logical extension of PSTN/link of ISDN, which is similar to the operation of actual
physical link.
VPN settings include IPSec settings, IPSec tunnels, GRE tunnels, L2TP client, PPTP client,
A majority of data contents are Plaintext Transmission on the Internet, which has many potential
34
dangers such as password and bank account information stolen and tampered, user identity
imitated, suffering from malicious network attack, etc. After disposal of IPSec on the network,
IPSec is a group of open network security protocol made by IETF, which can ensure the security of
data transmission between two parties on the Internet via data origin authentication, data
encryption, data integrity and anti-replay function on the IP level. It is able to reduce the risk of
disclosure and guarantee data integrity and confidentiality and well as maintain security of
IPSec, including AH, ESP and IKE, can protect one and more date flows between hosts, between
host and gateway, and between gateways. The security protocols of AH and ESP can ensure
IPSec can establish bidirectional Security Alliance on the IPSec peer pairs to form a secure and
interworking IPSec tunnel and to realize the secure transmission of data on the Internet.
From navigation tree, select VPN>>IPSec Settings, then enter “IPSec Settings” page.
From navigation tree, select VPN>>IPSec Tunnels, enter "IPSec Tunnels" and click <add>.
35
Parameters Description Default
Click to enable advanced Disable (open advanced
Show Advanced Options
options options after enabling)
Basic parameters
Tunnel Name User defines tunnel name IPSec_tunnel_1
Set destination IP address or
Destination Address 0. 0. 0. 0
domain name
Select Auto
Activated/Triggered by
Startup Modes Auto Activated
Data/Passive/Manually
Activated
Restart WAN when failed Click to enable Enable
Select main mode or
Negotiation Mode Main Mode
aggressive mode
IPSec Protocol (Advanced
Select ESP/AH ESP
Option)
IPSec Mode (Advanced Select tunnel
Tunnel Mode
Option) mode/transmission mode
VPN over IPSec (Advanced Select L2TP over IPSec/GRE
None
Option) over IPSec/None
Select
Tunnel Type Host-Host/Host-Subnet/Subne Subnet-Subnet
t-Host/Subnet-Subnet
Local subnet address Set local subnet IP address 192. 168. 2. 1
Local Subnet Mask Set local subnet mask 255. 255. 255. 0
Peer Subnet Address Set peer subnet IP address 0. 0. 0. 0
Peer Subnet Mask Set remote netmask 255. 255. 255. 0
Phase I Parameters
IKE Strategy Multiple strategies available 3DES-MD5-DH2
IKE Life Cycle Set IKE life cycle 86400 s
Select IP address/User
FQDN/FQDN Fill in the ID
Local ID Type according to the ID type IP Address
(USERFQDN is standard email
format)
Select IP address/User
Peer ID Type IP Address
FQDN/FQDN
Select shared key/digital
Authentication method Shared key
certificate
Key Set IPSec VPN key N/A
XAUTH Parameters (Advanced Option)
XAUTH Mode Click to enable XAUTH mode Disable
XATUTH username User defines XATUTH N/A
36
username
User defines XATUTH
XATUTH password N/A
password
MODECFG Click to enable MODECFG Disable
Phase II Parameters
IPSec Strategy Multiple strategies available 3DES-MD5-96
IPSec Life Cycle Set IPSec life cycle 3600 s
Perfect Forward Secrecy Select disable/Group 1/Group Disable (this needs to match
(PFS) (Advanced Option) 2/Group 5 the server)
Link Detection Parameters (Advanced Option)
DPD Interval Set time interval. 60 s
Set the timeout for dropped
DPD Timeout 180 s
packets.
ICMP Detection Server Set ICMP detection server N/A
ICMP Detection Local IP Set ICMP detection local IP N/A
ICMP Detection Interval Set ICMP Detection Interval 60 s
ICMP Detection Timeout Set ICMP detection timeout 5s
Set ICMP detection max.
ICMP Detection Retries 10
retries
The security level of three encryption algorithms ranks successively: AES, 3DES, DES. The
implementation mechanism of encryption algorithm with stricter security is complex and slow
arithmetic speed. DES algorithm can satisfy the ordinary safety requirements.
Generic Route Encapsulation (GRE) defines the encapsulation of any other network layer protocol
on a network layer protocol. GRE could be used as the L3TP of VPN to provide a transparent
transmission channel for VPN data. In simple terms, GRE is a tunneling technology which provides
a channel through which encapsulated data message could be transmitted and encapsulation and
decapsulation could be realized at both ends. GRE tunnel application networking shown as the
following figure:
37
X Network X Network
GRE Tunnel
Along with the extensive application of IPv4, to have messages from some network layer protocol
transmitted on IPv4 network, those messages could by encapsulated by GRE to solve the
GRE tunnel could transmit multicast data packets as if it were a true network interface.
A network of different IP address shall be required to connect other two similar networks.
GRE can encapsulate and transmit multicast data in GRE tunnel, but IPSec, currently, could only
carry out encryption protection against unicast data. In case of multicast data requiring to be
transmitted in IPSec tunnel, a GRE tunnel could be established first for GRE encapsulation of
multicast data and then IPSec encryption of encapsulated message so as to achieve the
Enterprise
Intranet Telecommuting
IP Multicast Streams
From navigation tree, select VPN>>GRE Tunnels and enter "GRE Tunnels".
L2TP, one of VPDN TPs, has expanded the applications of PPP, known as a very important VPN
technology for remote dial-in user to access the network of enterprise headquarters.
L2TP, through dial-up network (PSTN/ISDN), based on negotiation of PPP, and could establish a
tunnel between enterprise branches and enterprise headquarters so that remote user has access
to the network of enterprise headquarters. PPPoE is applicable in L2TP. Through the connection
of Ethernet and Internet, a L2TP tunnel between remote mobile officers and enterprise
L2TP-Layer 2 Tunnel Protocol encapsulates private data from user network at the head of L2 PPP.
Main Purpose: branches in other places and employees on a business trip could access to the
39
RADIUS Server RADIUS Server
Enterprise Enterprise
Branch
Headquarter
L2TP Tunnel
Dialling User
L2TP Tunnel
From navigation tree, select VPN>>L2TP Client, enter "L2TP Client" and click <add>.
40
Expert Option (not
Set expert option, not recommended N/A
recommended)
From navigation tree, select VPN>>PPTP Client, enter "PPTP Client" and click <add>.
3.6.6 OpenVPN
Single point participating in the establishment of VPN is allowed to carry out ID verification by
preset private key, third-party certificate or username/password. OpenSSL encryption library and
41
SSLv3/TLSv1 protocol are massively used.
In OpenVPN, if a user needs to access to a remote virtual address (address family matching
virtual network card), then OS will send the data packet (TUN mode) or data frame (TAP mode) to
the visual network card through routing mechanism. Upon the reception, service program will
receive and process those data and send them out through outer net by SOCKET, owing to which,
the remote service program will receive those data and carry out processing, then send them to
the virtual network card, then application software receive and accomplish a complete
From navigation tree, select "VPN>>OpenVPN", then enter “OpenVPN” page, and click <Add>.
42
Expert Option (not
Set expert option, not recommended N/A
recommended)
From navigation tree, select "VPN>>OpenVPN Advanced" and enter "OpenVPN Advanced"
interface.
From navigation tree, select VPN>> Certificate Management, then enter “Certificate
Management” page.
3.7 Tools
The tools include PING detection, traceroute and link speed test.
3.7.1PING Detection
To do a ping, enter the navigation tree, select Tools>>Ping Detection, then enter the “Ping
Detection” page.
3.7.2Traceroute
To preform traceroute, select "Tools>>Traceroute" menu in the navigation tree, then enter the
44
“Traceroute” page.
Enter the navigation tree, select Tools>>Link Speed Test, then enter the “Link Speed Test” page.
3.8 Status
The status includes system, modem, network connections, routing table, device List and log.
3.8.1 System
From navigation tree, select Status >> System, then enter the “System” page.
This page displays system statistics, including name, model, serial number, description, current
version, current Bootloader version, router time, PC time, UP time, CPU load and memory
consumption. Technicians may click the <Sync Time> button to synchronize the router with the
3.8.2 Modem
From navigation tree, select Status >> Modem, then enter the “Modem” page.
This page displays the basic information of dialup, including status, signal level, register status,
45
3.8.3 Network Connections
From navigation tree, select Status >> Network Connections, then enter “Network Connections”
Dialup includes connection type, IP address, netmask, gateway, DNS, MTU, status and connection
time.
LAN includes MAC address, IP address, netmask, gateway, MTU and DNS.
From navigation tree, select Status >> Route Table, then enter “Route Table” page to see router
status.
This page displays the active route table, including destination, netmask, gateway, metric and
interface.
From navigation tree, select Status >> Device List, then enter “Device List” page to inquire the
device list.
This page displays the device list, including interface, MAC address, IP address, host and lease
3.8.6 Log
From navigation tree, select Status >> Log, then enter “Log” page.
This page displays the logs, including select to see the number of log lines (20/50/....../all), log
level (information, debug and warning), time, module and content. Clear log, download log file,
download system diagnosis record (refresh rate of this page is 5/10/…... 1min by default)
46
Appendix A FAQ
1. InRouter is powered on, but can't access Internet through it?
3. Forget the setting after revising IP address and can't configure InRouter?
Method 1: connect InRouter with serial cable, configure it through console port.
Method 2: Within 5 seconds after InRouter is powered on, press and hold the Restore
button until the ERROR LED flashes, then release the button and the ERROR LED
should goes off, press and hold the button again until the ERROR LED blinks 6
4. After InRouter is powered on, it frequently auto restarts. Why does this happen?
First check:
Whether the module works normally.
Whether the InRouter is inserted with a SIM card.
Whether the SIM card is enabled with data service, whether the service of the SIM
card is suspended because of an overdue charge.
Whether the dialup parameters, e.g. APN, dialup number, username and
password are correctly configured.
Whether the signal is normal.
Whether the power supply voltage is normal.
5. Why does upgrading the firmware of my InRouter always fail?
Examination:
When upgrading locally, check if the local PC and InRouter are in the same network
segment.
When upgrading remotely, please first make sure the InRouter can access Internet.
6. After InRouter establishes VPN with the VPN server, your PC under InRouter can connect to the
47
server, but the center can't connect to your PC under InRouter?
7. After InRouter establishes VPN with the VPN server, your PC under InRouter can't connect to
Please restore InRouter to factory default settings and configure the parameters again.
2. Release the button until after the STATUS LED flashes and the ERROR LED is on;
3. After the button is released, the ERROR LED will go off, within 30s press and hold the
4. Release the button, the system is now successfully restored to factory default
48
settings.
Help command can be obtained after entering help or “?” into console, “?” can be entered
at any time during the process of command input to obtain the current command or help from
1.1 Help
[Command] Help [<cmd>]
[Parameter]
[Example]
Enter:
help
Display all the parameters of show command and using instructions thereof.
2.1Enable
[Command] Enable [15 [<password>]]
[Parameter]15 User right limit level, only supports right limit 15 (super users) at
current.
49
inputting will be given in case of no entering.
[Example]
enable 123456
2.2 Disable
[Command] Disable
[Parameter] No
[Example]
disable
2. 3 End and !
[Command] End or !
[Function] Exit the current view and return to the last view.
[Parameter] No
[Example]
end
2. 4 Exit
[Command] Exit
[Function] Exit the current view and return to the last view (exit console in case that it is ordinary
user)
[Parameter] No
[Example]
50
Enter in configured view:
exit
Exit console.
3. 1 Show version
[Parameter] No
[Example]
Enter:
show version
Description : www.inhand.com.cn
3. 2 Show system
[Parameter] No
[Example]
Enter:
show system
51
Example: 00:00:38 up 0 min, load average: 0.00, 0.00, 0.00
3. 3 show clock
[Command] Show clock
[Parameter] No
[Example]
Enter:
show clock
3. 4 Show modem
[Command] Show modem
[Parameter] No
[Example]
Enter:
show modem
Modem type
state
manufacturer
Product name
signal level
register state
IMSI number
Network Type
3. 5 Show log
[Parameter]
Lines <n> limits the log numbers displayed, wherein, n indicates the latest n logs in
case that it is positive integer and indicates the earliest n logs in case that it is negative
[Example]
Enter:
show log
3. 6 Show users
[Parameter] No
[Example]
Enter:
show users
User:
-------------------------------------------------
* adm
------
3. 7 Show startup-config
[Parameter] No
[Example]
53
Enter:
show startup-config
3. 8 Show running-config
[Parameter] No
[Example]
Enter:
show startup-config
4. 1 Show interface
[Parameter] No
[Example]
Enter:
show interface
4. 2 Show ip
[Command] Show ip
[Parameter] No
[Example]
Enter:
Show ip
54
Display system ip status
4. 3 Show route
[Parameter] No
[Example]
enter:
show route
4. 4 Show arp
[Parameter] No
[Example]
Enter:
show arp
Router has provided ping , telnet and traceroute for Internet testing.
5. 1 Ping
[Parameter]
Enter:
ping www.g.cn
5. 2 Telnet
[Parameter]
<port>telnet port
[Example]
Enter:
telnet 192.168.2.2
5. 3 Traceroute
[Parameter]
[Example]
Enter:
traceroute www.g.cn
6 Configuration Command
In super user view, router can use configure command to switch it over configure view for
56
management.
Some setting command can support no and default, wherein, no indicates the setting of
canceling some parameter and default indicates the recovery of default setting of some
parameter.
6. 1 Configure
[Function] Switchover to configuration view and input the equipment at the terminal end.
[Parameter] No
[Example]
configure terminal
6. 2 Hostname
default hostname
[Parameter]
[Example]
Enter in configured view:
hostname
6. 3 Clock timezone
57
[Command] Clock timezone <timezone><n>
[Parameter]
[Example]
Enter in configured view:
clock timezone CST -8
The time zone of IG601is east eighth area and the name is CST (China's standard time).
Enter in configured view:
default clock timezone
6. 4 Clock set
[Parameter]
[Example]
6. 5 Ntp server
[Command]
no ntp server
58
[Function] Set the customer end of Internet time server
[Parameter]
[Example]
Enter in configured view:
ntp server pool.ntp.org
6. 6 Config export
[Parameter] No
[Example]
config export
6. 7 Config import
[Parameter] No
[Example]
config import
59
The config. is imported.
7. 1 Reboot
[Command] Reboot
[Parameter] No
[Example]
reboot
System restarts.
7. 2 Enable username
[Parameter]
[Example]
7. 3 Enable password
[Parameter]
[Example]
Enter in configured view:
enable password
60
Enter password according to the hint.
7. 4 Username
no username <name>
default username
[Parameter] No
[Example]
Enter in configured view:
username abc password 123
Add an ordinary user, the name is abc and the password is 123.
Enter in configured view:
no username abc
61